Re: Modify the routing behavior of an SSG5-Serial firewall.
Hello, Try to add more specific ones via Tunnel (I haven't used ScreenOS for a long time so typing from memory):
set route 0.0.0.0/1 interface tunnel.1
set route 128.0.0.0/1 interface tunnel.1
And DON'T...
Re: Modify the routing behavior of an SSG5-Serial firewall.
Hi, As Alex mentioned, you can try more specific routes or else you can try source or source based routing. Source routes are preferred over the static routes....
Re: Modify the routing behavior of an SSG5-Serial firewall.
Since you want all the local traffic to go over the VPN, how about placing the local interfaces and the VPN tunnel interface into a separate virtual router. The main virtual router will have the ISP...
Netscreen SSG140 and TACACS.net Authorization
Hello Guys, I am setting up TACACS for admin login but having some issue getting past the authorization via TACACS server. I don't have any idea how to configure the "authorization.xml" in the...
SSG320 Interfaces inaccessible
Hello - I have an SSG320 running version 6.3.0 r25. A few months ago the device stopped passing traffic. I was unable to ping interfaces and the console port was frozen. Lights looked normal with the...
Re: SSG320 Interfaces inaccessible
Hello, I have not come across this issue so far. Does 'get log sys saved' show anything after power cycle? Anything non-standard reported in 'get log sys' output when compared over multiple days? Has the...
Re: Netscreen SSG140 and TACACS.net Authorization
Hello, Looks like authentication is okay but authorization is giving error. Can you provide relevant configuration from SSG140 for TACACS? Regards, Rushi
Re: Netscreen SSG140 and TACACS.net Authorization
Hi Rushi, Thanks for your reply. Below are the configurations. Nothing is wrong right?
set auth-server "external" id 1
set auth-server "external" server-name "172.16.2.202"
set auth-server "external"...
Re: SSG320 Interfaces inaccessible
No changes on my network. TAC was unable to locate any issues and stated logs are flushed on power cycle so nothing to look at. 'get log sys saved' returns an old error and 'get log sys' return is...
Re: SSG320 Interfaces inaccessible
Do you have an external syslog server configured that would have collected data at the time right before the failure?
Re: SSG320 Interfaces inaccessible
I do have the SSG configured to point to a syslog. It only seems to be logging logon type stuff. Can you tell me how I should configure the logging settings so these types of events are sent to syslog?...
high cpu - ip spoofing on mgmt int
I have high cpu on a netscreen isg-2000. Juniper is saying it could be due to ipspoofing that is on the mgmt interface. I'm not sure as the ipspoofing events have been happening for a while now.. but...
Re: high cpu - ip spoofing on mgmt int
Are you using IPv6 on your management interface? If not, I would recommend blocking it upstream. IP spoofing is based on the routing table, so you would need to have a route for the IPv6 traffic out...
Re: high cpu - ip spoofing on mgmt int
Thanks. I am not using ipv6 on the mgmt int. But I just checked the upstream l3vpn for our mgmt network and it does not have an ipv6 address on it. I have no idea where it's coming from. I guess could...
Re: SSG320 Interfaces inaccessible
You can ship event logs and traffic logs to the syslog server. This is set up here: Configuration > Report settings > syslog
Re: high cpu - ip spoofing on mgmt int
Hello, From 8006:6c8e:a82:283f:a82:28f7:50:ab77 to ff02::1, proto 58. That would be ICMPv6, equivalent to IPv4 ARP. It could be from any IPv6-enabled host/PC/printer etc. likely misconfigured because...
Help Updating and Securing a SSG 5
I have been using a Netscreen SSG-5 firewall for my home office since 2009. It has been a few years since I updated the firmware or configuration and I need some advice/help. I recently received an...
Re: Help Updating and Securing a SSG 5
None of the modern browsers will like a self signed cert, so you will need to save and accept that and get used to the working label on the lock. Generating a new one with a valid date is probably...